Enable FTP Passive port range

What is Active FTP

1. A user connects from a random port on a file transfer client to port 21 on the server. It sends the PORT command, specifying what client-side port the server should connect to. This port will be used later on for the data channel and is different from the port used in this step for the command channel.

2. The server connects from port 20 to the client port designated for the data channel. Once connection is established, file transfers are then made through these client and server ports.


What is Passive FTP

1. The client connects from a random port to port 21 on the server and issues the PASV command. The server replies, indicating which (random) port it has opened for data transfer.

2. The client connects from another random port to the random port specified in the server’s response. Once connection is established, data transfers are made through these client and server ports.


Enable the passive port range for Pure-FTPd

vi /etc/pure-ftpd.conf configuration file

enable the passive port range

PassivePortRange 30000 50000

Save the pure-ftpd.conf file and restart FTP service.

/etc/init.d/pure-ftpd restart

Enable the passive port range for ProFTPd

vi /etc/proftpd.conf

add the following settings.

PassivePorts 30000 50000

Save the file and restart proftpd service.

You should enable passive port range into the server firewall.

CSF Firewall

vi /etc/csf/csf.conf

add port range 30000:50000



TCP_IN = "20,21,22,25,53,80,110,143,443,465,587,993,995,2077,2078,2082,2083,2086,2087,2095,2096,30000:50000" TCP_OUT = "20,21,22,25,37,43,53,80,110,113,443,587,873,2087,2089,2703,30000:50000"

No need to update in iptables if you have installed CSF firewall.


iptables -I INPUT -p tcp --dport 49152:65534 -j ACCEPT
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

cPHulk Brute Force Protection

WHM/cPanel has a service, protected from Brute Force attack, which is called “cPHulk Brute Force...

Enable SSH key authorized login without root password

You need to generate SSH Key ( the private key )on your cpanel server and then update remote...

How can I Redirect URLs in cPanel

Login your cpanel 1. Click the Redirects button on the front page under the “domains” 2. Enter...

Enable Custom php.ini for Fast CGI

With fast-cgi, custom php.ini needs to be in the cgi-bin folder. 1) Move php.ini to cgi-bin...

ConfigServer Firewall CSF installation

ConfigServer firewall is a popular linux firewall security suite. It is easy to install, flexible...

Powered by WHMCompleteSolution